Reducing Risk for the Enterprise During the Holidays

(December 6, 2024)

The holiday season is the best time of the year for many around the globe. It is a time to celebrate, reflect and recharge. Unfortunately, in this digital age it is also the time when the jackal (the malicious actor) is on the prowl, looking to take advantage of weaknesses in the technology and of novice users. The purpose of this article is to help educate the general workforce on how to protect themselves and their enterprise.

During the holiday season, employees are working hard and at the same time trying to take care of their holiday shopping while they are at work. There are three scenarios: 1) use of corporate devices to shop online, 2) use of personal devices (BYOD) that are connected to the corporate internet, and 3) remote or hybrid workers.

It comes as no surprise that the above scenarios expose the enterprise to a variety of potential risks, yet there are tools that can be utilized to mitigate these risks.

  • Strengthen your security awareness program and ensure it includes:
    • Blocking of harmful websites that aren’t secure 
    • Knowledge of online retailers that aren’t legitimate 
    • Education on sensitive information that should never be shared  
    • Utilizing passphrases and/or multi-factor authentication where possible to secure online accounts 
  • Implement controls to safeguard the network: 
    • Block software downloads: This can be achieved with the help of firewalls and OS configurations on the end user's computer. It stops malicious websites from installing software without the user's consent.
    • Block malicious websites: This can be accomplished with the help of browser extensions (Freedom, Stay Focused), built-in browser features, a web filtering policy, and DNS services (Quad9, Cloudflare).
    • Mitigate DNS poisoning/spoofing: Implement DNSSEC (DNS Security Extensions), which uses public-key cryptography to verify that an authoritative nameserver is providing correct information back to the requesting device. This effectively keeps a malicious actor from hijacking a DNS server and routing user requests to malicious websites.
    • DDoS attacks: Specialized equipment and a variety of service providers (e.g. Cloudflare, Akamai) can help enterprises mitigate DDoS attacks.
    • Dual-homed host: This should be a standard setup on corporate-issued devices when employees connect to the corporate network remotely. It acts as a simple firewall and stops direct IP traffic between the internet and the corporate network.

Remind everyone to be safe, to seek out help when in doubt, and to report immediately if they notice anything suspicious while shopping online. It's important to empower staff and remind them that they are the first line of defense.

Helpful Resources you can share: 

Glossary of Cybersecurity Threats and Scams for 2025 

A Complete Guide to Safe Online Shopping 

Cyber Safety When Shopping Online 

10 Tips for a Safer Online Shopping 

10 Cybersecurity Tips for Safe Online Shopping